AI is now a cybersecurity story

A frontier artificial intelligence model is no longer just a better autocomplete tool. Britain’s National Cyber Security Centre said in April 2026 that the newest systems are already helping with steps inside real cyber operations, including finding previously unknown flaws in widely used software and solving cryptographic challenges. (ncsc.gov.uk) That changes the argument around model releases. If a model can act like a tireless junior security researcher that never sleeps, then giving broad access to it starts to look less like shipping a chatbot and more like handling a dual-use security tool. (ncsc.gov.uk) (openai.com) The basic problem is simple: modern software has millions of lines of code, and hidden mistakes inside that code are like unlocked windows in a city full of buildings. A capable model can inspect code at machine speed, suggest exploit paths, and help turn a small bug into a break-in plan much faster than a human working alone. (deepmind.google) (arxiv.org) Google DeepMind said its offensive cyber benchmark covers 50 challenges across the attack chain, from reconnaissance to malware work. Anthropic said in October 2025 that frontier models had become useful for practical tasks like detecting, analyzing, and fixing vulnerabilities in code and deployed systems. (deepmind.google) (anthropic.com) OpenAI published an outbound coordinated disclosure policy in June 2025 for vulnerabilities it discovers in third-party software. The company said it was formalizing that process because more capable models would make coordinated vulnerability disclosure a necessary practice at much larger scale. (openai.com) That is where “pre-patching” enters the story. Instead of releasing a stronger model first and letting the software world scramble later, developers and infrastructure companies are trying to identify flaws in critical codebases before wider deployment gives attackers the same advantage. (openai.com) (anthropic.com) Anthropic’s Project Glasswing, announced in April 2026, is built around that idea. It brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks to secure widely used software before artificial intelligence-driven vulnerability discovery scales further. (anthropic.com) Governments are treating this as a systems-security issue too, not just a product-safety issue. The United States Cybersecurity and Infrastructure Security Agency published an Artificial Intelligence Cybersecurity Collaboration Playbook to coordinate incident sharing, vulnerability reporting, and resilience work across government and industry. (cisa.gov) Britain’s AI Security Institute has also been working directly with frontier model developers on model security testing. Its published description says the team includes researchers in adversarial machine learning who probe safeguards and identify weaknesses before systems are deployed more broadly. (aisi.gov.uk) Central banks have joined in because cyber risk does not stay inside technology companies. A 2025 Bank for International Settlements paper on generative artificial intelligence and cyber security in central banking said the technology creates new defensive opportunities but also new risks, and a separate 2025 governance report urged formal risk-management structures for artificial intelligence adoption at central banks. (bis.org 1) (bis.org 2) The Bank of England pushed the same issue into financial-stability language in April 2025. Its Financial Stability in Focus report on artificial intelligence in the financial system warned that concentration, third-party dependence, and operational failures could turn artificial intelligence problems into broader market stress. (bankofengland.co.uk) So the new race is not only about who has the smartest model. It is also about who can restrict access, test dangerous capabilities, coordinate disclosures, and build trusted channels with the companies that run the operating systems, cloud platforms, routers, and open-source software that everyone else depends on. (anthropic.com) (openai.com) (ncsc.gov.uk)